Your submission was sent successfully! Close

CVE-2017-5462

Published: 20 April 2017

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Notes

AuthorNote
leosilva
fixed for nss in precise after version upgrade
Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was ignored)
trusty Does not exist
(trusty was released [53.0+build6-0ubuntu0.14.04.1])
upstream
Released (53.0)
xenial
Released (53.0+build6-0ubuntu0.16.04.1)
yakkety
Released (53.0+build6-0ubuntu0.16.10.1)
zesty
Released (53.0+build6-0ubuntu0.17.04.1)
nss
Launchpad, Ubuntu, Debian
precise
Released (2:3.28.4-0ubuntu0.12.04.1)
trusty
Released (2:3.28.4-0ubuntu0.14.04.1)
upstream
Released (3.28.4, 3.30.1)
xenial
Released (2:3.28.4-0ubuntu0.16.04.1)
yakkety
Released (2:3.28.4-0ubuntu0.16.10.1)
zesty
Released (2:3.28.4-0ubuntu0.17.04.1)
Patches:
upstream: https://hg.mozilla.org/projects/nss/rev/7248d38b76e5
thunderbird
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was needs-triage)
trusty Does not exist
(trusty was released [1:52.1.1+build1-0ubuntu0.14.04.1])
upstream
Released (52.1.1)
xenial
Released (1:52.1.1+build1-0ubuntu0.16.04.1)
yakkety
Released (1:52.1.1+build1-0ubuntu0.16.10.1)
zesty
Released (1:52.1.1+build1-0ubuntu0.17.04.1)